Exemple #1
0
/*
 * Make sure the authentication key is present.
 */
int
isns_dsa_init_key(const char *filename)
{
	char	pubkey_path[1024];
	EVP_PKEY *pkey;

	isns_mkdir_recursive(isns_dirname(filename));
	snprintf(pubkey_path, sizeof(pubkey_path),
				"%s.pub", filename);
	if (access(filename, R_OK) == 0
	 && access(pubkey_path, R_OK) == 0)
		return 1;

	if (!(pkey = isns_dsa_generate_key())) {
		isns_error("Failed to generate AuthKey\n");
		return 0;
	}

	if (!isns_dsa_store_private(filename, pkey)) {
		isns_error("Unable to write private key to %s\n", filename);
		return 0;
	}
	isns_notice("Stored private key in %s\n", filename);

	if (!isns_dsa_store_public(pubkey_path, pkey)) {
		isns_error("Unable to write public key to %s\n", pubkey_path);
		return 0;
	}
	isns_notice("Stored private key in %s\n", pubkey_path);

	return 1;
}
Exemple #2
0
/*
 * Open and lock the registry file for writing. Returns an
 * open stream and the name of the lock file.
 * Follow up with _finish_write when done.
 */
static FILE *
__isns_local_registry_open_write(char **lock_name)
{
	char	lock_path[PATH_MAX];
	FILE	*fp;
	int	fd, retry;

	snprintf(lock_path, sizeof(lock_path), "%s.lock",
			isns_config.ic_local_registry_file);

	for (retry = 0; retry < 5; ++retry) {
		fd = open(lock_path, O_RDWR|O_CREAT|O_EXCL, 0644);
		if (fd >= 0)
			break;
		if (errno != EEXIST) {
			isns_error("Unable to create %s: %m\n",
					lock_path);
			return NULL;
		}
		isns_error("Cannot lock %s - retry in 1 sec\n",
					isns_config.ic_local_registry_file);
		sleep(1);
	}

	if (!(fp = fdopen(fd, "w"))) {
		isns_error("fdopen failed: %m\n");
		close(fd);
		return NULL;
	}
	isns_assign_string(lock_name, lock_path);
	return fp;
}
Exemple #3
0
DSA *
isns_dsa_load_params(const char *filename)
{
	FILE	*fp;
	DSA	*dsa;

	if (!filename) {
		isns_error("Cannot generate key - no DSA parameter file\n");
		return NULL;
	}
	if (!(fp = fopen(filename, "r"))) {
		isns_error("Unable to open %s: %m\n", filename);
		return NULL;
	}

	dsa = PEM_read_DSAparams(fp, NULL, NULL, NULL);
	fclose(fp);

	if (dsa == NULL) {
		isns_dsasig_report_errors("Error loading DSA parameters",
				isns_error);
	}

	return dsa;
}
Exemple #4
0
int
isns_dsa_store_private(const char *name, EVP_PKEY *key)
{
	FILE	*fp;
	int	rv, fd;

	if ((fd = open(name, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) {
		isns_error("Cannot save DSA key to %s: %m\n", name);
		return 0;
	}

	if (!(fp = fdopen(fd, "w"))) {
		isns_error("fdopen(%s): %m\n", name);
		close(fd);
		return 0;
	}

	rv = PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL);
	fclose(fp);

	if (rv == 0)
		isns_dsasig_report_errors("Failed to store private key",
				isns_error);

	return rv;
}
Exemple #5
0
int
deregister_domain(isns_client_t *clnt, int argc, char **argv)
{
	isns_attr_list_t attrs = ISNS_ATTR_LIST_INIT;
	isns_simple_t	*msg;
	uint32_t	dd_id, status;

	if (!parse_dd_deregistration(argv, argc, &dd_id, &attrs))
		isns_fatal("Unable to parse DD registration\n");

	msg = isns_create_dd_deregistration(clnt, dd_id, &attrs);
	isns_attr_list_destroy(&attrs);

	if (msg == NULL) {
		isns_error("Cannot create message\n");
		return ISNS_INTERNAL_ERROR;
	}

	status = isns_client_call(clnt, &msg);
	if (status != ISNS_SUCCESS) {
		isns_error("Deregistration failed: %s\n",
				isns_strerror(status));
		return status;
	}

	isns_simple_free(msg);
	return status;
}
Exemple #6
0
/*
 * Read the registry file, match each entry against the given owner=<foo> tag,
 * and invoke the callback function.
 * This is used for both reading the registry, and rewriting it.
 */
static int
__isns_local_registry_read(const char *match_owner,
			__isns_local_registry_cb_fn_t handle_matching,
			__isns_local_registry_cb_fn_t handle_nonmatching,
			void *user_data)
{
	const char	*filename = isns_config.ic_local_registry_file;
	char		*line, *copy = NULL;
	FILE		*fp;
	int		rv = 0, owner_len;

	if (!(fp = fopen(filename, "r"))) {
		if (errno == ENOENT) {
			isns_debug_state("Unable to open %s: %m\n", filename);
			return 1;
		}
		isns_error("Unable to open %s: %m\n", filename);
		return 0;
	}

	owner_len = match_owner? strlen(match_owner) : 0;
	while ((line = parser_get_next_line(fp)) != NULL) {
		__isns_local_registry_cb_fn_t *cb;
		char	*argv[256], *owner;
		int	argc = 0;

		isns_assign_string(&copy, line);

		argc = isns_attr_list_split(line, argv, 255);
		if (argc <= 0)
			continue;

		/* Last attr should be owner */
		if (strncasecmp(argv[argc-1], "owner=", 6)) {
			isns_error("%s: syntax error (missing owner field)\n",
					filename);
			goto out;
		}
		owner = argv[argc-1] + 6;

		if (!strncasecmp(owner, match_owner, owner_len)
		 && (owner[owner_len] == '\0' || owner[owner_len] == ':'))
			cb = handle_matching;
		else
			cb = handle_nonmatching;

		if (cb && !cb(copy, argc, argv, user_data))
			goto out;

	}
	rv = 1;

out:
	free(copy);
	fclose(fp);
	return rv;
}
Exemple #7
0
int
query_entity_id(isns_client_t *clnt, int argc, char **argv)
{
	isns_attr_list_t query_key = ISNS_ATTR_LIST_INIT;
	isns_object_list_t objects = ISNS_OBJECT_LIST_INIT;
	uint32_t	status;
	isns_simple_t	*qry;
	const char	*eid;

	if (argc == 1 && !strcmp(argv[0], "help")) {
		printf("Query iSNS for own entity ID.\n"
		       "No arguments allowed\n");
		exit(0);
	}
	if (argc != 0)
		isns_fatal("EID query - no arguments accepted\n");

	isns_attr_list_append_string(&query_key,
			ISNS_TAG_ISCSI_NAME,
			isns_config.ic_source_name);
	qry = isns_create_query(clnt, &query_key);
	isns_attr_list_destroy(&query_key);

	isns_query_request_attr_tag(qry, ISNS_TAG_ENTITY_IDENTIFIER);

	status = isns_client_call(clnt, &qry);
	if (status != ISNS_SUCCESS) {
		isns_error("Query failed: %s\n", isns_strerror(status));
		return status;
	}

	status = isns_query_response_get_objects(qry, &objects);
	if (status) {
		isns_error("Unable to extract object list from query response: %s\n",
				isns_strerror(status), status);
		return status;
	}

	status = ISNS_NO_SUCH_ENTRY;
	if (objects.iol_count == 0) {
		isns_error("Node %s not registered with iSNS\n",
				isns_config.ic_source_name);
	} else
	if (!isns_object_get_string(objects.iol_data[0],
				ISNS_TAG_ENTITY_IDENTIFIER, &eid)) {
		isns_error("Query for %s returned an object without EID\n",
				isns_config.ic_source_name);
	} else {
		printf("%s\n", eid);
		status = ISNS_SUCCESS;
	}

	isns_object_list_destroy(&objects);
	isns_simple_free(qry);

	return status;
}
Exemple #8
0
/*
 * Callback function which builds an iSNS object from the
 * list of attr=tag values.
 */
static int
__isns_local_registry_load_object(const char *line,
		int argc, char **argv, void *user_data)
{
	isns_attr_list_t attrs = ISNS_ATTR_LIST_INIT;
	struct isns_attr_list_parser state;
	isns_object_list_t *list = user_data;
	isns_object_t *obj, *entity = NULL;

	for (; argc > 0; --argc) {
		char	*attr = argv[argc-1];

		if (!strncasecmp(attr, "owner=", 6)) {
			char *eid = __isns_local_registry_entity_name(attr + 6);
			ISNS_QUICK_ATTR_LIST_DECLARE(key_attrs,
					ISNS_TAG_ENTITY_IDENTIFIER,
					string, eid);

			if (entity) {
				isns_error("Duplicate owner entry in registry\n");
				continue;
			}
			isns_attr_print(&key_attrs.iqa_attr, isns_print_stdout);
			entity = isns_object_list_lookup(list,
					&isns_entity_template,
					&key_attrs.iqa_list);
			if (entity != NULL)
				continue;

			isns_debug_state("Creating fake entity %s\n", eid);
			entity = isns_create_entity(ISNS_ENTITY_PROTOCOL_ISCSI, eid);
			isns_object_list_append(list, entity);
		} else {
			break;
		}
	}

	isns_attr_list_parser_init(&state, NULL);
	if (!isns_parse_attrs(argc, argv, &attrs, &state)) {
		isns_error("Unable to parse attrs\n");
		isns_attr_list_destroy(&attrs);
		return 0;
	}

	obj = isns_create_object(isns_attr_list_parser_context(&state),
					&attrs, entity);
	isns_attr_list_destroy(&attrs);

	if (obj == NULL) {
		isns_error("Unable to create object\n");
		return 0;
	}

	isns_object_list_append(list, obj);
	return 1;
}
int isns_get_nr_portals(void)
{
	char		buffer[8192], *end, *ptr;
	struct ifconf	ifc;
	unsigned int	nportals = 0;
	int		fd = -1;

	if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
		isns_error("%s: no socket - %m\n", __FUNCTION__);
		return 0;
	}

	ifc.ifc_buf = buffer;
	ifc.ifc_len = sizeof(buffer);
	if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) {
		isns_error("ioctl(SIOCGIFCONF): %m\n");
		goto out;
	}

	ptr = buffer;
	end = buffer + ifc.ifc_len;
	while (ptr < end) {
		struct ifreq	ifr;
		struct sockaddr_storage ifaddr;
		int		ifflags;

		memcpy(&ifr, ptr, sizeof(ifr));
		ptr += sizeof(ifr);

		/* Get the interface addr */
		memcpy(&ifaddr, &ifr.ifr_addr, sizeof(ifr.ifr_addr));

		if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) {
			isns_error("ioctl(%s, SIOCGIFFLAGS): %m\n",
					ifr.ifr_name);
			continue;
		}
		ifflags = ifr.ifr_flags;

		if ((ifflags & IFF_UP) == 0)
			continue;
		if ((ifflags & IFF_LOOPBACK) != 0)
			continue;

		if (ifaddr.ss_family == AF_INET6 || ifaddr.ss_family == AF_INET)
			nportals++;
	}

out:
	if (fd >= 0)
		close(fd);
	return nportals;
}
Exemple #10
0
int
isns_dsasig_sign(isns_security_t *ctx,
			isns_principal_t *peer,
			buf_t *pdu,
			struct isns_authblk *blk)
{
	static unsigned char signature[1024];
	unsigned int	sig_len = sizeof(signature);
	EVP_MD_CTX	*md_ctx;
	EVP_PKEY	*pkey;
	const BIGNUM    *priv_key = NULL;
	int		err;

	if ((pkey = peer->is_key) == NULL)
		return 0;

	if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
		isns_debug_message(
			"Incompatible public key (spi=%s)\n",
			peer->is_name);
		return 0;
	}
	if (EVP_PKEY_size(pkey) > sizeof(signature)) {
		isns_error("isns_dsasig_sign: signature buffer too small\n");
		return 0;
	}
	DSA_get0_key(EVP_PKEY_get0_DSA(pkey), NULL, &priv_key);
	if (priv_key == NULL) {
		isns_error("isns_dsasig_sign: oops, seems to be a public key\n");
		return 0;
	}

	isns_debug_auth("Signing messages with spi=%s, DSA/%u\n",
			peer->is_name, EVP_PKEY_bits(pkey));

	md_ctx = EVP_MD_CTX_new();
	EVP_SignInit(md_ctx, EVP_dss1());
	isns_message_digest(md_ctx, pdu, blk);
	err = EVP_SignFinal(md_ctx,
				signature, &sig_len,
				pkey);
	EVP_MD_CTX_free(md_ctx);

	if (err == 0) {
		isns_dsasig_report_errors("EVP_SignFinal failed", isns_error);
		return 0;
	}

	blk->iab_sig = signature;
	blk->iab_sig_len = sig_len;
	return 1;
}
/*
 * Create a portal group given node, portal and PGT
 */
isns_object_t *
isns_create_portal_group(isns_object_t *portal,
                         isns_object_t *node, uint32_t pg_tag)
{
    isns_attr_list_t key_attrs = ISNS_ATTR_LIST_INIT;
    isns_object_t	*obj = NULL;

    if (portal == NULL || node == NULL)
        return NULL;

    if (node->ie_container != portal->ie_container) {
        isns_error("Refusing to create portal group "
                   "linking objects from different entities\n");
        return NULL;
    }

    if (__isns_object_translate_attr(node,
                                     ISNS_TAG_ISCSI_NAME,
                                     ISNS_TAG_PG_ISCSI_NAME,
                                     &key_attrs)
            && __isns_object_translate_attr(portal,
                                            ISNS_TAG_PORTAL_IP_ADDRESS,
                                            ISNS_TAG_PG_PORTAL_IP_ADDR,
                                            &key_attrs)
            && __isns_object_translate_attr(portal,
                                            ISNS_TAG_PORTAL_TCP_UDP_PORT,
                                            ISNS_TAG_PG_PORTAL_TCP_UDP_PORT,
                                            &key_attrs)) {
        obj = __isns_pg_create(&key_attrs, pg_tag, portal, node);
    }

    isns_attr_list_destroy(&key_attrs);
    return obj;
}
Exemple #12
0
int
register_objects(isns_client_t *clnt,
		int argc, char **argv)
{
	isns_object_list_t objects = ISNS_OBJECT_LIST_INIT;
	isns_object_t	*key_obj = NULL;
	uint32_t	status;

	if (opt_key != NULL) {
		isns_attr_list_t key_attrs = ISNS_ATTR_LIST_INIT;
		struct isns_attr_list_parser state;

		isns_attr_list_parser_init(&state, NULL);

		if (!isns_parse_attrs(1, &opt_key, &key_attrs, &state)) {
			isns_error("Cannot parse registration key \"%s\"\n",
					opt_key);
			return 0;
		}

		key_obj = isns_create_object(isns_attr_list_parser_context(&state),
				&key_attrs, NULL);
		isns_attr_list_destroy(&key_attrs);

		if (!key_obj) {
			isns_error("Cannot create registration key object\n");
			return 0;
		}
	} else {
		/* If the user does not provide a key object, 
		 * create/update an entity.
		 */
		key_obj = isns_create_entity(ISNS_ENTITY_PROTOCOL_ISCSI, NULL);
	}

	if (!parse_registration(argv, argc, &objects, key_obj))
		isns_fatal("Unable to parse registration\n");

	status = __register_objects(clnt, key_obj, &objects);
	isns_object_list_destroy(&objects);

	isns_object_release(key_obj);
	return status;
}
/*
 * Given a portal group object, create the relationship
 */
isns_relation_t *
isns_db_build_pg_relation(isns_db_t *db, isns_object_t *pg,
                          const isns_object_list_t *extra_objs)
{
    isns_object_t   *entity, *node = NULL, *portal = NULL;

    entity = isns_object_get_entity(pg);

    node = __isns_pg_find_node(db, pg, extra_objs);
    if (node == NULL) {
        isns_error("Trying to register PG for non-existant node\n");
        goto failed;
    }
    if (!__isns_pg_may_relate(entity, node)) {
        isns_error("Trying to register PG for node in other entity\n");
        goto failed;
    }

    portal = __isns_pg_find_portal(db, pg, extra_objs);
    if (portal == NULL) {
        isns_error("Trying to register PG for non-existant portal\n");
        goto failed;
    }
    if (!__isns_pg_may_relate(entity, portal)) {
        isns_error("Trying to register PG for portal in other entity\n");
        goto failed;
    }

    pg->ie_relation = isns_create_relation(pg,
                                           ISNS_RELATION_PORTAL_GROUP,
                                           node, portal);
    isns_object_release(portal);
    isns_object_release(node);

    return pg->ie_relation;

failed:
    if (portal)
        isns_object_release(portal);
    if (node)
        isns_object_release(node);
    return NULL;
}
Exemple #14
0
/*
 * We're done with (re)writing the registry. Commit the changes,
 * or discard them.
 * Also frees the lock_name returned by registry_open_write.
 */
static int
__isns_local_registry_finish_write(FILE *fp, char *lock_name, int commit)
{
	int	rv = 1;

	fclose(fp);
	if (!commit) {
		if (unlink(lock_name))
			isns_error("Failed to unlink %s: %m\n", lock_name);
	} else
	if (rename(lock_name, isns_config.ic_local_registry_file)) {
		isns_error("Failed to rename %s to %s: %m\n",
				lock_name, isns_config.ic_local_registry_file);
		rv = 0;
	}

	free(lock_name);
	return rv;
}
Exemple #15
0
int
isns_query_request_attr(isns_simple_t *qry, isns_attr_t *attr)
{
	if (!ISNS_ATTR_IS_NIL(attr)) {
		isns_error("Query operating attribute must be NIL\n");
		return ISNS_INVALID_QUERY;
	}
	isns_attr_list_append_attr(&qry->is_operating_attrs, attr);
	return ISNS_SUCCESS;
}
Exemple #16
0
int
isns_dsa_init_params(const char *filename)
{
	FILE	*fp;
	DSA	*dsa;
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
	BN_GENCB	*cb;
#endif
	const int dsa_key_bits = 1024;

	if (access(filename, R_OK) == 0)
		return 1;

	isns_mkdir_recursive(isns_dirname(filename));
	if (!(fp = fopen(filename, "w"))) {
		isns_error("Unable to open %s: %m\n", filename);
		return 0;
	}

	isns_notice("Generating DSA parameters; this may take a while\n");
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
	cb = BN_GENCB_new();
	BN_GENCB_set(cb, (int (*)(int, int, BN_GENCB *)) isns_dsa_param_gen_callback, NULL);
	dsa = DSA_new();
	if (!DSA_generate_parameters_ex(dsa, dsa_key_bits, NULL, 0, NULL, NULL, cb)) {
		DSA_free(dsa);
		dsa = NULL;
	}
	BN_GENCB_free(cb);
#else
	dsa = DSA_generate_parameters(dsa_key_bits, NULL, 0,
			NULL, NULL, isns_dsa_param_gen_callback, NULL);
#endif
	write(1, "\n", 1);

	if (dsa == NULL) {
		isns_dsasig_report_errors("Error generating DSA parameters",
				isns_error);
		fclose(fp);
		return 0;
	}

	if (!PEM_write_DSAparams(fp, dsa)) {
		isns_dsasig_report_errors("Error writing DSA parameters",
				isns_error);
		DSA_free(dsa);
		fclose(fp);
		return 0;
	}
	DSA_free(dsa);
	fclose(fp);
	return 1;
}
Exemple #17
0
int
query_objects(isns_client_t *clnt, int argc, char **argv)
{
	isns_attr_list_t query_key = ISNS_ATTR_LIST_INIT;
	isns_attr_list_t oper_attrs = ISNS_ATTR_LIST_INIT;
	isns_object_list_t objects = ISNS_OBJECT_LIST_INIT;
	uint32_t	status;
	isns_simple_t	*qry;
	unsigned int	i;

	if (!parse_query(argv, argc, &query_key, &oper_attrs))
		isns_fatal("Unable to parse query\n");

	qry = isns_create_query(clnt, &query_key);
	isns_attr_list_destroy(&query_key);

	/* Add the list of attributes we request */
	for (i = 0; i < oper_attrs.ial_count; ++i)
		isns_query_request_attr(qry, oper_attrs.ial_data[i]);
	isns_attr_list_destroy(&oper_attrs);

	status = isns_client_call(clnt, &qry);
	if (status != ISNS_SUCCESS) {
		isns_error("Query failed: %s\n", isns_strerror(status));
		return status;
	}

	status = isns_query_response_get_objects(qry, &objects);
	if (status) {
		isns_error("Unable to extract object list from query response: %s\n",
				isns_strerror(status), status);
		return status;
	}

	isns_object_list_print(&objects, isns_print_stdout);
	isns_object_list_destroy(&objects);
	isns_simple_free(qry);

	return status;
}
Exemple #18
0
/*
 * Set up the SCN object.
 */
static isns_scn_t *
isns_scn_setup(isns_scn_t *scn, isns_object_t *node)
{
	isns_object_list_t portals = ISNS_OBJECT_LIST_INIT;
	isns_object_t	*entity;
	unsigned int	i;

	entity = isns_object_get_entity(node);
	if (entity == NULL
	 || !isns_object_find_descendants(entity,
			 &isns_portal_template, NULL, &portals))
		return NULL;

	for (i = 0; i < portals.iol_count; ++i) {
		isns_object_t	*portal = portals.iol_data[i];
		isns_portal_info_t info;
		isns_scn_funnel_t *funnel;

		/* Extract address and SCN port from portal */
		if (!isns_portal_from_object(&info,
				ISNS_TAG_PORTAL_IP_ADDRESS,
				ISNS_TAG_SCN_PORT,
				portal))
			continue;

		/* We know where to send our notifications! */
		if (scn == NULL) {
			isns_attr_t	*attr;

			if (!isns_object_get_attr(node, ISNS_TAG_ISCSI_NAME, &attr)
			 && !isns_object_get_attr(node, ISNS_TAG_FC_PORT_NAME_WWPN, &attr)) {
				isns_error("Attempt to set up SCN for strange node type\n");
				return NULL;
			}

			scn = isns_calloc(1, sizeof(*scn));
			scn->scn_entity = isns_object_get(entity);
			scn->scn_owner = isns_object_get(node);
			scn->scn_attr = isns_attr_get(attr);
			scn->scn_name = isns_strdup(attr->ia_value.iv_string);
		}

		funnel = isns_calloc(1, sizeof(*funnel));
		funnel->scn_portal = info;
		funnel->scn_next = scn->scn_funnels;
		scn->scn_funnels = funnel;
	}

	isns_object_list_destroy(&portals);
	return scn;
}
Exemple #19
0
/*
 * Store the given list of objects in the registry.
 * This replaces all objects previously registered by this service.
 */
int
isns_local_registry_store(const char *svcname, pid_t pid, const isns_object_list_t *objs)
{
	const char *owner = __isns_local_registry_make_owner(svcname, pid);
	char	*lock_name = NULL;
	FILE	*ofp;

	if (!(ofp = __isns_local_registry_open_write(&lock_name))) {
		isns_error("%s: could not open registry for writing\n", __FUNCTION__);
		return 0;
	}

	/* First, purge all entries previously belonging to this owner */
	if (!__isns_local_registry_read(owner, NULL, __isns_local_registry_rewrite_object, ofp))
		goto failed;

	if (objs) {
		unsigned int	i;

		for (i = 0; i < objs->iol_count; ++i) {
			isns_object_t *obj = objs->iol_data[i];
			char *argv[256];
			int i, argc;

			argc = isns_print_attrs(obj, argv, 256);
			for (i = 0; i < argc; ++i)
				fprintf(ofp, "%s ", argv[i]);
			fprintf(ofp, "owner=%s\n", owner);
		}
	}

	return __isns_local_registry_finish_write(ofp, lock_name, 1);

failed:
	isns_error("%s: error rewriting registry file\n", __FUNCTION__);
	__isns_local_registry_finish_write(ofp, lock_name, 0);
	return 0;
}
Exemple #20
0
int
deregister_objects(isns_client_t *clnt, int argc, char **argv)
{
	isns_attr_list_t query_key = ISNS_ATTR_LIST_INIT;
	isns_object_list_t objects = ISNS_OBJECT_LIST_INIT;
	isns_simple_t	*dereg;
	uint32_t	status;

	if (!parse_deregistration(argv, argc, &query_key))
		isns_fatal("Unable to parse unregistration\n");

	dereg = isns_create_deregistration(clnt, &query_key);
	isns_attr_list_destroy(&query_key);

	status = isns_client_call(clnt, &dereg);
	if (status != ISNS_SUCCESS) {
		isns_error("Deregistration failed: %s\n",
				isns_strerror(status));
		return status;
	}

#if 0
	status = isns_dereg_msg_response_get_objects(dereg, &objects);
	if (status) {
		isns_error("Unable to extract object list from deregistration response: %s\n",
				isns_strerror(status), status);
		goto done;
	}
	isns_object_list_print(&objects, isns_print_stdout);
#endif

	isns_object_list_destroy(&objects);
	isns_simple_free(dereg);

	return status;
}
Exemple #21
0
EVP_PKEY *
isns_dsasig_load_private_pem(isns_security_t *ctx, const char *filename)
{
	EVP_PKEY	*pkey;
	FILE		*fp;

	if (!(fp = fopen(filename, "r"))) {
		isns_error("Unable to open DSA keyfile %s: %m\n",
				filename);
		return 0;
	}

	pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	fclose(fp);
	return pkey;
}
Exemple #22
0
int
list_objects(isns_client_t *clnt, int argc, char **argv)
{
	isns_attr_list_t	query_keys = ISNS_ATTR_LIST_INIT;
	isns_object_template_t	*query_type = NULL;
	isns_simple_t		*simp;
	int			status, count = 0;

	if (!parse_list(argc, argv, &query_type, &query_keys))
		isns_fatal("Unable to parse parameters\n");

	simp = isns_create_getnext(clnt, query_type, &query_keys);
	while (1) {
		isns_object_t	*obj = NULL;
		isns_simple_t	*followup;

		status = isns_client_call(clnt, &simp);
		if (status)
			break;

		status = isns_getnext_response_get_object(simp, &obj);
		if (status)
			break;

		printf("Object %u:\n", count++);
		isns_object_print(obj, isns_print_stdout);
		isns_object_release(obj);

		followup = isns_create_getnext_followup(clnt,
				simp, &query_keys);
		isns_simple_free(simp);
		simp = followup;
	}

	if (status == ISNS_SOURCE_UNAUTHORIZED
	 && query_type == &isns_policy_template
	 && !opt_local)
		isns_warning("Please use --local trying to list policies\n");

	if (status != ISNS_NO_SUCH_ENTRY) {
		isns_error("GetNext call failed: %s\n",
				isns_strerror(status));
		return status;
	}
	return ISNS_SUCCESS;
}
Exemple #23
0
/*
 * Create a server object
 */
isns_server_t *
isns_create_server(isns_source_t *source, isns_db_t *db,
			struct isns_service_ops *ops)
{
	isns_server_t	*srv;

	if (source == NULL) {
		isns_error("%s: source name not set\n", __FUNCTION__);
		return NULL;
	}

	srv = isns_calloc(1, sizeof(*srv));
	srv->is_source = isns_source_get(source);
	srv->is_db = db;
	srv->is_ops = ops;

	return srv;
}
Exemple #24
0
/*
 * Load all objects owner by a specific service from the local registry.
 * If the svcname starts with "!", all entries except those matching this
 * particular service are returned.
 */
int
isns_local_registry_load(const char *svcname, pid_t pid, isns_object_list_t *objs)
{
	__isns_local_registry_cb_fn_t *if_matching = NULL, *if_nonmatching = NULL;

	if (svcname == NULL) {
		isns_error("%s: no svcname given\n", __FUNCTION__);
		return 0;
	}
	if (*svcname == '!') {
		if_nonmatching = __isns_local_registry_load_object;
		svcname++;
	} else {
		if_matching = __isns_local_registry_load_object;
	}

	return __isns_local_registry_read(
			__isns_local_registry_make_owner(svcname, pid),
			if_matching, if_nonmatching, objs);
}
Exemple #25
0
int
isns_dsa_store_public(const char *name, EVP_PKEY *key)
{
	FILE	*fp;
	int	rv;

	if (!(fp = fopen(name, "w"))) {
		isns_error("Unable to open %s: %m\n", name);
		return 0;
	}

	rv = PEM_write_PUBKEY(fp, key);
	fclose(fp);

	if (rv == 0)
		isns_dsasig_report_errors("Failed to store public key",
				isns_error);

	return rv;
}
Exemple #26
0
EVP_PKEY *
isns_dsasig_load_public_pem(isns_security_t *ctx, const char *filename)
{
	EVP_PKEY	*pkey;
	FILE		*fp;

	if (!(fp = fopen(filename, "r"))) {
		isns_error("Unable to open DSA keyfile %s: %m\n",
				filename);
		return 0;
	}

	pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
	if (pkey == NULL) {
		isns_dsasig_report_errors("Error loading DSA public key",
				isns_error);
	}

	fclose(fp);
	return pkey;
}
Exemple #27
0
isns_policy_t *
isns_policy_bind(const isns_message_t *msg)
{
	isns_policy_t		*policy = NULL;
	isns_principal_t	*princ = NULL;

	/* When the admin turns off gravity,
	 * pigs can fly, too. */
	if (isns_config.ic_security == 0) {
		policy = &isns_flyingpigs_powers;
		goto found;
	}

	/* If the caller is the local root user, s/he can
	 * do anything. */
	if (msg->im_creds && msg->im_creds->CMSGCRED_uid == 0) {
		policy = &isns_superhero_powers;
		goto found;
	}

	/* Tie the SPI given in the auth block to a
	 * source name.
	 * For now, the names have to match. Down the road,
	 * there may be more flexible schemes.
	 */
	if ((princ = msg->im_security) != NULL) {
		if ((policy = princ->is_policy) != NULL)
			goto found;

		isns_error("Internal error - no policy for "
				"principal %s!\n",
				princ->is_name);
	}

	policy = &isns_dweeb_powers;

found:
	policy->ip_users++;
	return policy;
}
Exemple #28
0
/*
 * TCP/UDP port
 */
int
isns_tcpudp_port_parse(isns_value_t *value, const char *string)
{
	uint32_t	num;
	const char	*ep;

	num = strtoul(string, (char **) &ep, 0);
	if (ep && *ep) {
		if (!strcasecmp(ep, "/udp"))
			num |= ISNS_PORTAL_PORT_UDP_MASK;
		else
		if (!strcasecmp(ep, "/tcp"))
			/* nothing */;
		else {
			isns_error("Cannot parse port spec \"%s\"\n",
					string);
			return 0;
		}
	}
	value->iv_uint32 = num;
	return 1;
}
Exemple #29
0
static int
__register_objects(isns_client_t *clnt,
		isns_object_t *key_obj,
		const isns_object_list_t *objects)
{
	isns_source_t	*source = NULL;
	isns_simple_t	*reg;
	uint32_t	status;
	unsigned int	i;

	for (i = 0; i < objects->iol_count && !source; ++i) {
		isns_object_t *obj = objects->iol_data[i];

		if (!isns_object_is_iscsi_node(obj))
			continue;
		source = isns_source_from_object(obj);
	}

	reg = isns_create_registration2(clnt, key_obj, source);
	isns_registration_set_replace(reg, opt_replace);

	/* Add all objects to be registered */
	for (i = 0; i < objects->iol_count; ++i)
		isns_registration_add_object(reg, objects->iol_data[i]);

	status = isns_client_call(clnt, &reg);
	isns_simple_free(reg);

	if (status == ISNS_SUCCESS)
		printf("Successfully registered object(s)\n");
	else
		isns_error("Failed to register object(s): %s\n",
				isns_strerror(status));

	if (source)
		isns_source_release(source);
	return status;
}
Exemple #30
0
isns_keystore_t *
isns_create_db_keystore(isns_db_t *db)
{
	isns_db_keystore_t *store;
	isns_object_t	*entity;

	isns_debug_auth("Creating DB keystore\n");
	if (!(entity = isns_db_get_control(db))) {
		isns_error("Could not create control entity in database\n");
		return NULL;
	}
	isns_debug_auth("Control entity is 0x%08x\n", entity->ie_index);

	store = isns_calloc(1, sizeof(*store));
	store->sd_base.ic_name = "database key store";
	store->sd_base.ic_find = __isns_db_keystore_find;
	store->sd_base.ic_get_policy = __isns_db_keystore_get_policy;
	store->sd_control = entity;
	store->sd_db = db;

	isns_register_callback(__isns_db_keystore_change_notify, store);

	return (isns_keystore_t *) store;
}